Google has released multiple security updates to address several high-severity zero-day vulnerabilities in its Chrome web browser. These vulnerabilities have been actively exploited in the wild, posing significant security risks to users. This advisory provides an overview of the identified vulnerabilities and recommended actions to mitigate potential threats.
CVE-2024-4671: Use-After-Free in Visuals
Description: This vulnerability is a use-after-free bug in the Visuals component of Chrome.
Impact: It can lead to a crash or arbitrary code execution.
Discovery: Reported by an anonymous researcher on May 7, 2024.
Exploitation: Google confirmed active exploitation in the wild but has not disclosed specific attack details.
Patched Version: Chrome version 124.0.6367.201/.202 for Windows and macOS, 124.0.6367.201 for Linux.
CVE-2024-4761: Out-of-Bounds Write in V8
Description: This high-severity bug affects the V8 JavaScript and WebAssembly engine, involving out-of-bounds write operations.
Impact: Can result in data corruption, crashes, or arbitrary code execution.
Discovery: Anonymously reported on May 9, 2024.
Exploitation: Actively exploited in the wild, with details withheld to prevent further attacks.
Patched Version: Chrome version 124.0.6367.207/.208 for Windows and macOS, 124.0.6367.207 for Linux.
CVE-2024-4947: Type Confusion in V8
Description: A type confusion vulnerability in the V8 engine, reported by Kaspersky researchers Vasily Berdnikov and Boris Larin on May 13, 2024.
Impact: Allows out-of-bounds memory access, crashes, and arbitrary code execution.
Exploitation: Actively exploited in the wild with specific details not disclosed.
Patched Version: Chrome version 125.0.6422.60/.61 for Windows and macOS, 125.0.6422.60 for Linux.
Immediate Update: Users should update Chrome to the latest versions to mitigate these vulnerabilities:
Windows and macOS: Version 125.0.6422.60/.61
Linux: Version 125.0.6422.60
Chromium-Based Browsers: Users of browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also apply the relevant updates as they become available.
Awareness: Stay informed about security updates and promptly apply patches to reduce the risk of exploitation.
The discovery of multiple zero-day vulnerabilities in Chrome underscores the ongoing threats posed by such security flaws. Active exploitation of these vulnerabilities highlights the urgency for users to update their browsers immediately. By following the recommended actions and keeping software up-to-date, users can protect themselves against potential attacks leveraging these vulnerabilities.
Stay vigilant and ensure that all security patches are applied to maintain a secure browsing environment.
Note: This threat advisory serves as a precautionary measure to inform and protect users against potential security threats.
If you have any questions or require further information on any other Cyber Security matters, please don’t hesitate to contact our dedicated team at [email protected].
If you want to see more about the SOC service we offer, please follow this link https://maidar.io
To ask a question, go to our support portal, Maidar Secure SOC Customer Support
